<?php
	$name = $_GET['name'];
	$password = $_GET['password'];
	$npw = $_GET['npw'];
	
	$dbhost = 'localhost';
	$dbuser = 'root';
	$dbpass = 'root';
	$database = 'sb';
	
	$conn = mysqli_connect($dbhost,$dbuser,$dbpass,$database);
	if(!$conn){
		exit('数据库连接失败');
	}
	
	$sql = "SELECT*FROM lm WHERE name='$name' AND password='$password'";
	
	$retval = mysqli_query($conn,$sql);
	
	$row = mysqli_fetch_row($retval);
	
	if(!preg_match("/^\w{6,20}$/",$npw)) {
		header("Location:./try02.html");
		exit;
	}
	

	
	if($password == $npw) {
		header("Location:./try031.html");
		exit;
	}else{
		$sql = "UPDATE lm SET password = '$npw' WHERE name = '$name'";
		$retval = mysqli_query($conn,$sql);
		header("Location:./try032.html");
		exit;
	}
	
	if(!$retval)
	{
			exit("数据不行:" . mysqli_error($conn));
	}
 ?>